Merge remote-tracking branch 'origin/release-6.0' into release-6.1

Author: zmstone

dir.yaml

@@ -827,22 +827,16 @@
           path: observability/opentelemetry/opentelemetry
           collapsed: true
           children:
-            - title_en: Metrics
-              title_cn: 指标
-              title_ja: 指標
-              path: observability/opentelemetry/metrics
-            - title_en: Logs
-              title_cn: 日志
-              title_ja: ログ
-              path: observability/opentelemetry/logs
-            - title_en: Traces
-              title_cn: 追踪
-              title_ja: トレース
-              path: observability/opentelemetry/traces
+            - observability/opentelemetry/metrics
+            - observability/opentelemetry/logs
+            - observability/opentelemetry/traces
             - title_en: End-to-end Traces
               title_cn: 端到端追踪
               title_ja: エンドツーエンドトレース
               path: observability/opentelemetry/e2e-traces
+              collapsed: true
+              children:
+                - observability/opentelemetry/e2e_span_details
     - title_en: Backup and Restore
       title_cn: 备份与恢复
       title_ja: バックアップとリストア

en_US/access-control/authn/assets/authn-redis.png

@@ -1,6 +1,6 @@
 # Integrate with Redis
 
-EMQX supports integrating with Redis for password authentication. EMQX Redis authenticator currently supports connecting to running in three different modes, which are Single, [Redis Sentinel](https://redis.io/docs/manual/sentinel/) and [Redis Cluster](https://redis.io/docs/manual/scaling/). This section gives detailed instructions on the data schema supported and on how to configure with EMQX Dashboard and configuration file. 
+EMQX supports integrating with Redis for password authentication. EMQX Redis authenticator currently supports connecting to Redis running in three different modes, which are Single, [Redis Sentinel](https://redis.io/docs/manual/sentinel/), and [Redis Cluster](https://redis.io/docs/manual/scaling/). This section gives detailed instructions on the data schema supported and on how to configure with EMQX Dashboard and the configuration file. 
 
 ::: tip Prerequisite:
 
@@ -51,37 +51,56 @@ You can use EMQX Dashboard to configure how to use Redis for password authentica
 
 <img src="./assets/authn-redis.png" alt="Authentication with redis" style="zoom:67%;" />
 
-4. Follow the instructions below to configure the authentication backend:
-
-   - Enter the information for connecting to Redis.
-
-     - **Redis Mode**: Select how Redis is deployed, including `Single`, `Sentinel` and `Cluster`. 
-     - **Server(s)**: Specify the Redis server address that EMQX is to connect, if **Redis Mode** is set to `Sentinel` or `Cluster`, you will need to input all Redis servers (separated with a `,`) that EMQX is to connect.
-     - **Sentinel Name**: Specify the name to use; type: strings; only needed if you set **Redis Mode** to `Sentinel`.
-     - **Database**: Redis database name; Data type: strings.
-     - **Password**: Specify Redis user password. 
-   - Configure settings related to authentication:
-
-     - **Password Hash**: Select the password hashing algorithm applied to plain-text passwords before results are stored in the database. Available options are `plain`, `md5`, `sha`, `sha256`, `sha512`, `bcrypt`, and `pbkdf2`. Additional configurations depend on the selected algorithm:
-       - For `md5`, `sha`, `sha256` or `sha512`:
-         - **Salt Position**: Determines how salt (random data) is mixed with the password. Options are `suffix`, `prefix`, or `disable`.  You can keep the default value unless you migrate user credentials from external storage into the EMQX built-in database.
-         - Resulting hash is represented as a string of hexadecimal characters, and compared case-insensitively with the stored credential.
-       - For `plain`:
-         - **Salt Position**: should be `disable`.
-       - For `bcrypt`:
-         - **Salt Rounds**: Defines the number of times the hash function is applied, expressed as _2<sup>Salt Rounds</sup>_, also known as the "cost factor". The default value is `10`, with a permissible range of `5` to `10`. A higher value is recommended for enhanced security. Note: Increasing the cost factor by 1 doubles the necessary time for authentication.
-       - For `pbkdf2`:
-         - **Pseudorandom Function**: Selects the hash function that generates the key, such as `sha256`.
-         - **Iteration Count**: Sets the number of times the hash function is executed. The default is `4096`.
-         - **Derived Key Length** (optional): Specifies the length in bytes of the generated key. If left blank, the length will default to that determined by the selected pseudorandom function.
-         - Resulting hash is represented as a string of hexadecimal characters, and compared case-insensitively with the stored credential.
-   - **Precondition**: A [Variform expression](../../configuration/configuration.md#variform-expressions) used to control whether this Redis authenticator should be applied to a client connection. The expression is evaluated against attributes from the client (such as `username`, `clientid`, `listener`, etc.). The authenticator will only be invoked if the expression evaluates to the string `"true"`. Otherwise, it will be skipped. For more information about the precondition, see [Authenticator Preconditions](./authn.md#authenticator-preconditions).
-   - **Enable TLS**: Turn on the toggle switch if you want to enable TLS. For more information on enabling TLS, see [Network and TLS](../../network/overview.md).
-   - **CMD**: Redis query command. 
-   - **Advanced Settings**: 
-     - **Pool size** (optional): Specify the number of concurrent connections from an EMQX node to a Redis server. Default: `8`. 
-
-5. After you finish the settings, click **Create**.
+Follow the instructions below on how to configure the authentication:
+
+**Connect**: Enter the information for connecting to Redis.
+
+- **Redis Mode**: Select how Redis is deployed, including `Single`, `Sentinel` and `Cluster`. 
+
+- **Server(s)**: Specify the Redis server address that EMQX is to connect, if **Redis Mode** is set to `Sentinel` or `Cluster`, you will need to input all Redis servers (separated with a `,`) that EMQX is to connect.
+
+- **Sentinel Name**: Specify the name to use; type: strings; only needed if you set **Redis Mode** to `Sentinel`.
+
+- **Database**: Redis database name; Data type: strings.
+
+- **Username**: Specify the Redis username to connect with. This field is required if your Redis instance uses [Redis ACL](https://redis.io/docs/latest/operate/oss_and_stack/management/security/acl/#create-and-edit-user-acls-with-the-acl-setuser-command) (introduced in Redis 6.0) for authentication. If your Redis server uses the default user (with ACLs disabled or not enforced), you can leave this field blank.
+
+  ::: tip
+
+  The `username` field is supported starting from EMQX 5.2.0. Ensure your deployment is running this version or later to use Redis ACL.
+
+  :::
+
+- **Password**: Specify the password for the Redis user. The field is required for connecting to Redis instances with authentication enabled.
+
+  - If you have entered a username, this password must match the credentials configured in your Redis ACL settings.
+  - If no username is provided, this password will be used to authenticate as the `default` user (if enabled).
+
+
+**TLS Configuration**: Turn on the toggle switch if you want to enable TLS. For more information on enabling TLS, see [Network and TLS](../../network/overview.md).
+
+**Connection Configuration**: Set the concurrent connections.
+
+- **Pool size** (optional): Specify the number of concurrent connections from an EMQX node to a Redis server. Default: `8`. 
+
+**Authentication configuration**: Configure settings related to authentication:
+
+- **Password Hash**: Select the password hashing algorithm applied to plain-text passwords before results are stored in the database. Available options are `plain`, `md5`, `sha`, `sha256`, `sha512`, `bcrypt`, and `pbkdf2`. Additional configurations depend on the selected algorithm:
+  - For `md5`, `sha`, `sha256` or `sha512`:
+    - **Salt Position**: Determines how salt (random data) is mixed with the password. Options are `suffix`, `prefix`, or `disable`.  You can keep the default value unless you migrate user credentials from external storage into the EMQX built-in database.
+    - Resulting hash is represented as a string of hexadecimal characters, and compared case-insensitively with the stored credential.
+  - For `plain`:
+    - **Salt Position**: should be `disable`.
+  - For `bcrypt`:
+    - **Salt Rounds**: Defines the number of times the hash function is applied, expressed as _2<sup>Salt Rounds</sup>_, also known as the "cost factor". The default value is `10`, with a permissible range of `5` to `10`. A higher value is recommended for enhanced security. Note: Increasing the cost factor by 1 doubles the necessary time for authentication.
+  - For `pbkdf2`:
+    - **Pseudorandom Function**: Selects the hash function that generates the key, such as `sha256`.
+    - **Iteration Count**: Sets the number of times the hash function is executed. The default is `4096`.
+    - **Derived Key Length** (optional): Specifies the length in bytes of the generated key. If left blank, the length will default to that determined by the selected pseudorandom function.
+    - Resulting hash is represented as a string of hexadecimal characters, and compared case-insensitively with the stored credential.
+- **CMD**: Redis query command. 
+
+After you finish the settings, click **Create**.
 
 ## Configure with Configuration Items